Rating: 5.0
Abuse 2.26 CVE to gain heap overflow using tcache, then write to stdout data to leak libc, then tcache poison to write to `__free_hook`
I don't remember